Deploying Azure Resource Policies 2: Limit Azure Regions

Many organizations that are moving to Azure would like to enforce data sovereignty and ensure that no resources can be deployed outside of the country. One of my customers needed to make sure that no Azure resources would be deployed outside of Australia. This can easily be achieved with Azure Resource Policies.

Just like in the first blogpost we need to create our Policy and then assign it.

First of all, we need to know the exact names of the Azure regions we want to allow. This can be achieved by running the following PowerShell cmdlet:

PowerShell

1

2

login-azurermaccount

Get-AzureRmLocation|SelectLocation,DisplayName

Create Azure Resource Policy:

The next step is to create a JSON Resource Policy that will deny the deployment of Azure Resources if it’s not deployed in Australia: